ip search

[TheeJaxon]

I have the following ip address I have been corresponding with, they are supposed to be a travel agency/agent that I have been working with for a trip.
I have done the ip look up several times and all had different results first result put them in New Jersey, United States but a second search put them in Oregon, United States.
I am told that they are in the United Arabic Emirates. But I know little on how this works and would like to make sure that they are legit.

Thank you for any help.

Return-Path: <[email protected]>
Received: from BLU004-OMC1S21.hotmail.com (blu004-omc1s21.hotmail.com. [65.55.116.32])
by mx.google.com with ESMTPS id y2si9849036oen.46.2016.05.15.05.00.37
for <[email protected]>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
Sun, 15 May 2016 05:00:37 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 65.55.116.32 as permitted sender) client-ip=65.55.116.32;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of [email protected] designates 65.55.116.32 as permitted sender) smtp.mailfrom=[email protected];
dmarc=pass (p=NONE dis=NONE) header.from=hotmail.com
Received: from NAM02-BL2-obe.outbound.protection.outlook.com ([65.55.116.9]) by BLU004-OMC1S21.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23008);
Sun, 15 May 2016 04:59:59 -0700
Received: from CY1NAM02FT012.eop-nam02.prod.protection.outlook.com
(10.152.74.57) by CY1NAM02HT143.eop-nam02.prod.protection.outlook.com
(10.152.74.78) with Microsoft SMTP Server (TLS) id 15.1.492.8; Sun, 15 May
2016 11:59:58 +0000
Received: from SN1PR15MB0286.namprd15.prod.outlook.com (10.152.74.59) by
CY1NAM02FT012.mail.protection.outlook.com (10.152.75.158) with Microsoft SMTP
Server (TLS) id 15.1.492.8 via Frontend Transport; Sun, 15 May 2016 11:59:58
+0000
Received: from SN1PR15MB0286.namprd15.prod.outlook.com ([10.162.106.25]) by
SN1PR15MB0286.namprd15.prod.outlook.com ([10.162.106.25]) with mapi id
15.01.0492.019; Sun, 15 May 2016 11:59:57 +0000
From: Desiree Castillo <[email protected]>
To: "[email protected]" <[email protected]>
Subject: Fwd: Importante
Thread-Topic: Importante
Thread-Index: AQHRrlRvzXQ7DQd3dEmSf1LNxzXeuJ+5TWsAgAABfDyAAAQsAIAAktzj
Date: Sun, 15 May 2016 11:59:57 +0000
Message-ID: <[email protected]od.outlook.com>
References: <[email protected]>,<[email protected].outlook.com>,<[email protected]od.outlook.com>,<[email protected].outlook.com>,<[email protected]od.outlook.com>,<[email protected].outlook.com>
In-Reply-To: <[email protected].outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=softfail (sender IP is 25.152.74.59)
smtp.mailfrom=hotmail.com; gmail.com; dkim=none (message not signed)
header.d=none;gmail.com; dmarc=fail action=none header.from=hotmail.com;
received-spf: SoftFail (protection.outlook.com: domain of transitioning
hotmail.com discourages use of 25.152.74.59 as permitted sender)
x-tmn: [juN717ANsfh1TsUel0ft+FX8yZWXpt3J]
x-eopattributedmessage: 0
x-forefront-antispam-report: CIP:25.152.74.59;IPV:NLI;CTRY:GB;EFV:NLI;SFV:NSPM;SFS:(10019020)(98900003);DIR:OUT;SFP:1102;SCL:1;SRVR:CY1NAM02HT143;H:SN1PR15MB0286.namprd15.prod.outlook.com;FPR:;SPF:SoftFail;MLV:ovrnspm;A:1;MX:1;LANG:es;
x-ms-office365-filtering-correlation-id: 364b1340-0bfa-44b4-f5e7-08d37cb86fbd
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(1601124038)(5061506196)(5061507196)(1603103041)(1603101087)(1601125047);SRVR:CY1NAM02HT143;
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(432015012)(82015046);SRVR:CY1NAM02HT143;BCL:0;PCL:0;RULEID:;SRVR:CY1NAM02HT143;
x-forefront-prvs: 09435FCA72
Content-Type: multipart/alternative;
boundary="_000_SN1PR15MB02866A4A59A8DFEB08037BFBE7760SN1PR15MB0286namp_"
MIME-Version: 1.0
X-OriginatorOrg: hotmail.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 May 2016 11:59:57.8043
(UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Internet
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1NAM02HT143
Return-Path: [email protected]
X-OriginalArrivalTime: 15 May 2016 11:59:59.0739 (UTC) FILETIME=[4E518CB0:01D1AEA1]

--_000_SN1PR15MB02866A4A59A8DFEB08037BFBE7760SN1PR15MB0286namp_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

[Chrispcritters]

Unfortunately hotmail does not include the sender's IP address in the email headers. In general I would be wary of any business that uses a personal hotmail email address to conduct business.

[nielsencl1]

In general, Hotmail does not provide the sender's IP address. But in some cases I have seen where there are IP addresses showing that can help an investigation. In this case, I noticed the following:

authentication-results: spf=softfail (sender IP is 25.152.74.59)
smtp.mailfrom=hotmail.com; gmail.com; dkim=none (message not signed)
header.d=none;gmail.com; dmarc=fail action=none header.from=hotmail.com;
received-spf: SoftFail (protection.outlook.com: domain of transitioning
hotmail.com discourages use of 25.152.74.59 as permitted sender)

This IP address is registered to the "UK Ministry of Defence" (http://whatismyipaddress.com/ip/25.152.74.59)
and I think that may be the indication you are looking for that you are dealing with some kind of scammer.

Good luck and don't trust ANYONE on the Internet!!!